Java Vulnerability Information
Posted January 25, 2013
On January 10, 2013, security professionals reported that an unpatched vulnerability in Java software exposed Windows, Macintosh, and Linux computers to malware infections simply from browsing the Web. Although Oracle patched critical Java vulnerabilities, the U.S. Computer Emergency Readiness Team (US-CERT) continues to urge users to disable Java browser plug-ins because of the number and severity of this and prior Java vulnerabilities.
What Is Java?
The Oracle Java Runtime Environment (JRE) allows users to run Java applications in a browser or as standalone programs. Java is installed on approximately 66% of all computers, although very few websites rely on the features it provides.
Why Should I Be Concerned?
This most recent exploit enables automatic malware downloads, meaning that users do not have to click a malicious link for their computers to be infected. Simply using a vulnerable version of Java is sufficient to compromise a computer.
What Should I Do?
Don't Need Java? Disable It.
- Instructions for disabling Java in your browser
- Not sure if you need Java? Most users don't need it. Disable it for the short term; if you find that websites require it, re-enable it and ensure it is updated (see below).
Need Java? Update It.
- Verify your Java version and install an update if instructed